All Apps and Add-ons

how to resolve splunk permission denied for snmp port 162?



I'm trying to configure snmp modular input to listen snmp traps, I see the permission denied error in internal logs for snmp. We are using RHEL, how to use ip tables to route to different port? OR is there any other way to resolve this one?

0 Karma

Ultra Champion

You are most likely not running Splunk with a user that has permission for opening ports < 1024
Mentioned inline in the annotation for the port field on the setup page.

alt text

0 Karma


What version of RHEL are you using? If you are using 7 or higher then you can just use the firewalld service and firewall-cmd to enable it.

NOTE: Make sure that all your host firewall rules aren't already using iptables.

if not already, enable firewalld
# systemctl start firewalld

Then start firewalld
# systemctl start firewalld

Just add the ports/services that you want to allow in:
# firewall-cmd --add-service=snmp --perm
(note: the --perm option makes it permanent after reloading)

Now just reload the firewall rules and you should be good to go.
# firewall-cmd --reload

To doublecheck that it was added, just run:
# firewall-cmd --list-services

You should now see "snmp" as one of the services.

0 Karma
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...